cfg80211: Add Fast Initial Link Setup (FILS) auth algs

author Jouni Malinen <jouni@qca.qualcomm.com>

Wed, 26 Oct 2016 21:42:02 +0000 (00:42 +0300)

committer Johannes Berg <johannes.berg@intel.com>

Thu, 27 Oct 2016 14:03:23 +0000 (16:03 +0200)
author Jouni Malinen <jouni@qca.qualcomm.com>
Wed, 26 Oct 2016 21:42:02 +0000 (00:42 +0300)
committer Johannes Berg <johannes.berg@intel.com>
Thu, 27 Oct 2016 14:03:23 +0000 (16:03 +0200)
diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h

index d428adf514464bdb15e7c1d0ae298bc3a9b70956..793a0174ba293af8920fac390cc37b2cf3ddbfae 100644 (file)
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -1576,6 +1576,9 @@ struct ieee80211_vht_operation {
  #define WLAN_AUTH_SHARED_KEY 1
  #define WLAN_AUTH_FT 2
  #define WLAN_AUTH_SAE 3
+#define WLAN_AUTH_FILS_SK 4
+#define WLAN_AUTH_FILS_SK_PFS 5
+#define WLAN_AUTH_FILS_PK 6
  #define WLAN_AUTH_LEAP 128
  
  #define WLAN_AUTH_CHALLENGE_LEN 128
diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h

index 7825fd4db19e260af52f538138a2035e8cda0b90..4dc21265cd12aa9e8df7cb60443b9f9940fe2ec4 100644 (file)
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -3669,6 +3669,9 @@ enum nl80211_bss_status {
   * @NL80211_AUTHTYPE_FT: Fast BSS Transition (IEEE 802.11r)
   * @NL80211_AUTHTYPE_NETWORK_EAP: Network EAP (some Cisco APs and mainly LEAP)
   * @NL80211_AUTHTYPE_SAE: Simultaneous authentication of equals
+ * @NL80211_AUTHTYPE_FILS_SK: Fast Initial Link Setup shared key
+ * @NL80211_AUTHTYPE_FILS_SK_PFS: Fast Initial Link Setup shared key with PFS
+ * @NL80211_AUTHTYPE_FILS_PK: Fast Initial Link Setup public key
   * @__NL80211_AUTHTYPE_NUM: internal
   * @NL80211_AUTHTYPE_MAX: maximum valid auth algorithm
   * @NL80211_AUTHTYPE_AUTOMATIC: determine automatically (if necessary by
@@ -3681,6 +3684,9 @@ enum nl80211_auth_type {
         NL80211_AUTHTYPE_FT,
         NL80211_AUTHTYPE_NETWORK_EAP,
         NL80211_AUTHTYPE_SAE,
+       NL80211_AUTHTYPE_FILS_SK,
+       NL80211_AUTHTYPE_FILS_SK_PFS,
+       NL80211_AUTHTYPE_FILS_PK,
  
         /* keep last */
         __NL80211_AUTHTYPE_NUM,
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c

index 704851142eedba29961d2dc5f0a11f54c11b7831..ff798620e929378f6f84025de315d0f52e2201df 100644 (file)
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -3778,12 +3778,23 @@ static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
                 if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
                     auth_type == NL80211_AUTHTYPE_SAE)
                         return false;
+               if (!wiphy_ext_feature_isset(&rdev->wiphy,
+                                            NL80211_EXT_FEATURE_FILS_STA) &&
+                   (auth_type == NL80211_AUTHTYPE_FILS_SK ||
+                    auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
+                    auth_type == NL80211_AUTHTYPE_FILS_PK))
+                       return false;
                 return true;
         case NL80211_CMD_CONNECT:
         case NL80211_CMD_START_AP:
                 /* SAE not supported yet */
                 if (auth_type == NL80211_AUTHTYPE_SAE)
                         return false;
+               /* FILS not supported yet */
+               if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
+                   auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
+                   auth_type == NL80211_AUTHTYPE_FILS_PK)
+                       return false;
                 return true;
         default:
                 return false;
@@ -7810,12 +7821,18 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
         if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
                 return -EINVAL;
  
-       if (auth_type == NL80211_AUTHTYPE_SAE &&
+       if ((auth_type == NL80211_AUTHTYPE_SAE ||
+            auth_type == NL80211_AUTHTYPE_FILS_SK ||
+            auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
+            auth_type == NL80211_AUTHTYPE_FILS_PK) &&
             !info->attrs[NL80211_ATTR_AUTH_DATA])
                 return -EINVAL;
  
         if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
-               if (auth_type != NL80211_AUTHTYPE_SAE)
+               if (auth_type != NL80211_AUTHTYPE_SAE &&
+                   auth_type != NL80211_AUTHTYPE_FILS_SK &&
+                   auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
+                   auth_type != NL80211_AUTHTYPE_FILS_PK)
                         return -EINVAL;
                 auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
                 auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
author	Jouni Malinen <jouni@qca.qualcomm.com>
	Wed, 26 Oct 2016 21:42:02 +0000 (00:42 +0300)
committer	Johannes Berg <johannes.berg@intel.com>
	Thu, 27 Oct 2016 14:03:23 +0000 (16:03 +0200)
include/linux/ieee80211.h		patch \| blob \| blame \| history
include/uapi/linux/nl80211.h		patch \| blob \| blame \| history
net/wireless/nl80211.c		patch \| blob \| blame \| history